Cyber criminals adopt new tactics to expand infrastructure and extract money


Cisco’s 2016 Annual Security Report makes for thought-provoking reading.
 

Cyber criminals (‘threat actors’) are becoming more confident and sophisticated, and returns from their campaigns are rising. The largest exploit kit operation in the US, Angler, targeted around 90,000 victims a day at times in 2015, and generates an estimated $34m annually.

 

Criminals focus on refining tactics and strengthening tech

Threat actors are mixing malicious and legitimate online resources to build up their infrastructure, giving them access to more computing power and more places online to operate from.

They are becoming more adept at evading detection. For example, threat actors are increasingly turning to compromised WordPress servers as relays to hide ransomware communications, or rolling through blocks of IP addresses.

 

Weak points must be addressed

Despite this, many organisations are failing to tackle known vulnerabilities. Malicious browser extensions affect more than 85% of organisations, leaving them open to data leakage. The majority (91.3%) of malware uses DNS in attacks, yet more than two thirds of companies do not monitor threats from recursive DNS.

Aging infrastructure is also leaving organisations more exposed. A sample of Cisco devices revealed that 92% were running software with known vulnerabilities, and nearly a third were ‘end of sale’.


Changing corporate attitudes

SMBs were found to be using fewer defence tools and analytical processes compared to the previous year, with around a quarter believing they are not high-value targets.

Confidence in corporate security is falling: the number of organisations that said their security infrastructure was ‘very up to date’ dropped in 2015. Fewer than half (45%) are confident in their ability to determine the scope of a network compromise and to remediate the damage.

However, this drop in confidence is providing the motivation to improve processes – the number of companies with a formal security strategy and regular security training is growing.

 

Download the report now to read more about why security professionals need to rethink their defence strategies.
